Monitoring of an operational status of a microprocessor or the like, referring to and modification of contents of a program or memory, and the like have been performed by controlling an action of the microprocessor or the like using a debug program, i.e., a debugger, operating on a personal computer (hereinafter referred to as a PC) or an engineering workstation (hereinafter referred to as an EWS).
For example, a PC or an EWS on which a debug program is operating is connected to a SoC (System-On-a-Chip) incorporating a microprocessor via a JTAG (Joint Test Action Group) ICE (In-Circuit Emulator). When an operator who develops a piece of software and analyzes failures in the piece of software performs a manipulation directed toward the microprocessor in the SoC on the debug program of the PC or the EWS, details of the manipulation are transmitted to a JTAG interface (I/F) in the SoC via the JTAG ICE. The JTAG I/F converts the manipulation of the operator into actions, transmission of an interrupt request for debugging (hereinafter referred to as a debug interrupt request) to the microprocessor, provision of an interrupt handler (hereinafter referred to as a debug interrupt handler) which implements an action of the microprocessor intended for debugging by the operator, and input and output of data. Use of a JTAG I/F as an internal circuit communications interface incorporated in such a SoC makes it possible to easily know an operational status of a microprocessor, memory contents, and the like. Accordingly, the above-described method is extremely useful for development of a Soc and a program, analysis of failures in the SoC and the program, and the like.
On the other hand, use of the method may allow reading of confidential information such as a highly confidential program or highly confidential data in a microprocessor even after a semiconductor device such as a SoC is developed and comes on the market.
Under the circumstances, when highly confidential processing is to be performed by a program for a microprocessor of a semiconductor device after development of the semiconductor device, a mechanism for protecting a program and data to be processed needs to be provided within the semiconductor device in order to prevent leakage of confidential information via a JTAG I/F. For example, methods such as providing a circuit in a SoC for blocking out input and output of data in accordance with an external predetermined signal, providing another processor in the SoC to control connection to the JTAG I/F, and connecting a device for controlling connection between the JTAG I/F and the processor to the JTAG I/F have been proposed to protect confidential information.
However, provision of a pin for inputting and outputting the external predetermined signal at a semiconductor chip or provision of the different microprocessor only for controlling connection to the JTAG I/F leads to an increase in cost of semiconductor devices and an increase in chip size. Direct manipulation of the device controlling the connection between the JTAG I/F and the processor by manipulating the JTAG I/F poses a security problem and a problem of vulnerability to analysis by a malicious person.